Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2024-10-22	CVE-2024-46538	Cross-site Scripting vulnerability in Netgate Pfsense 2.5.2 A cross-site scripting (XSS) vulnerability in pfsense v2.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the $pconfig variable at interfaces_groups_edit.php. network low complexity netgate CWE-79	4.8
2023-11-14	CVE-2023-42325	Cross-site Scripting vulnerability in Netgate Pfsense 2.7.0 Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted url to the status_logs_filter_dynamic.php page. network low complexity netgate CWE-79	5.4
2023-11-14	CVE-2023-42327	Cross-site Scripting vulnerability in Netgate Pfsense 2.7.0 Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted URL to the getserviceproviders.php page. network low complexity netgate CWE-79	5.4
2023-02-22	CVE-2022-29273	Cross-site Scripting vulnerability in Netgate Pfsense pfSense CE through 2.6.0 and pfSense Plus before 22.05 allow XSS in the WebGUI via URL Table Alias URL parameters. network low complexity netgate CWE-79	6.1
2022-12-15	CVE-2020-21219	Cross-site Scripting vulnerability in Netgate Acme and Pfsense Cross Site Scripting (XSS) vulnerability in Netgate pf Sense 2.4.4-Release-p3 and Netgate ACME package 0.6.3 allows remote attackers to to run arbitrary code via the RootFolder field to acme_certificate_edit.php page of the ACME package. network low complexity netgate CWE-79	6.1
2021-07-12	CVE-2020-19201	Cross-site Scripting vulnerability in Netgate Pfsense A Stored Cross-Site Scripting (XSS) vulnerability was found in status_filter_reload.php, a page in the pfSense software WebGUI, on Netgate pfSense version 2.4.4-p2 and earlier. network low complexity netgate CWE-79	5.4
2021-07-12	CVE-2020-19203	Cross-site Scripting vulnerability in Netgate Pfsense An authenticated Cross-Site Scripting (XSS) vulnerability was found in widgets/widgets/wake_on_lan_widget.php, a component of the pfSense software WebGUI, on version 2.4.4-p2 and earlier. network low complexity netgate CWE-79	5.4
2020-04-29	CVE-2020-10797	Cross-site Scripting vulnerability in Netgate Pfsense An XSS vulnerability resides in the hostname field of the diag_ping.php page in pfsense before 2.4.5 version. network low complexity netgate CWE-79	6.1
2020-04-01	CVE-2020-11457	Cross-site Scripting vulnerability in Netgate Pfsense pfSense before 2.4.5 has stored XSS in system_usermanager_addprivs.php in the WebGUI via the descr parameter (aka full name) of a user. network low complexity netgate CWE-79	5.4
2019-09-26	CVE-2019-16914	Cross-site Scripting vulnerability in Netgate Pfsense An XSS issue was discovered in pfSense through 2.4.4-p3. network low complexity netgate CWE-79	6.1